Skip to main content

Sicam Siapp Sdk CVE-2026-25571

MEDIUM
Improper Handling of Length Parameter Inconsistency (CWE-130)
2026-03-10 productcert@siemens.com
5.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 18:18 nvd
MEDIUM 5.1

DescriptionCVE.org

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.

AnalysisAI

Stack overflow in SICAM SIAPP SDK versions below 2.1.7 results from missing input length validation on client-side variables, allowing local attackers to trigger denial of service by submitting oversized inputs that crash the affected process. The vulnerability requires local access and manual user interaction but carries no availability impact mitigation since no patch is currently available.

Technical ContextAI

has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-25571 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy